Death of the Verification Week: Migrating to Azure Artifact Signing
⏴ Return to the Main Blog

Death of the Verification Week: Migrating to Azure Artifact Signing

Published
April 8, 2026

If you've ever renewed an EV Code Signing certificate with SSL.com, you know the drill: resubmitting business docs you've sent five times before, waiting days for a manual review, and finally - that mandatory voice call to a business line. The entire process was designed for 20+ years ago, not today's CI/CD pipelines.

We recently migrated QliqSoft's application signing workflow to Azure Artifact Signing (formerly Trusted Signing). The contrast was immediate and staggering. The entire migration and testing took less than a day - what used to be a "Verification Week" became a "Verification Hour."

Why SSL.com Renewals Were a Pain Point

Before we walk through the new setup, it's worth naming the specific frustrations that pushed us to make the move. Anyone who has managed EV certificate renewals at a software company will recognize these:

  • Redundant Verification: Every renewal cycle felt like starting from scratch. Business entity documentation submitted previously didn't carry over - you were re-proving your existence from zero.
  • Manual Bottlenecks: Waiting days for a human reviewer to inspect your Articles of Incorporation. No status updates. No automation. Just waiting.
  • The Phone Call Requirement: A mandatory voice call to a verified business line - a process that makes sense if it's 2002, but in a world of distributed teams and VoIP, it's a scheduling nightmare.
  • CI/CD Incompatibility: Manual certificate renewal doesn't play nicely with automated pipelines. Every renewal was a forced interruption.
The Core Problem

Legacy code signing verification was designed for a world where software shipped on CDs. It doesn't belong in a modern deployment pipeline.

The Modern Setup: Azure Artifact Signing

Azure Artifact Signing replaces manual bureaucracy with Identity-as-a-Service. Once you create a Trusted Signing Account in the Azure Portal, identity verification is handled in two automated stages - and the difference from the old way is night and day.

Azure Artifact Signing portal showing Identity Validation and Certificate Profile options
Azure Portal - Trusted Signing Account setup: the two-step flow of Identity Validation followed by Certificate Profile creation.

Organization Identity Validation

Provide your legal business name and website URL. Microsoft cross-references global business databases in real time. Instead of a multi-day manual phone call, verification is typically handled via a quick email link sent to a verified business contact. Time to complete: a few hours, not several days.

Individual Verified ID

This is the "human anchor" for the certificate. You receive an email linking to Microsoft Entra Verified ID. Using the Microsoft Authenticator app, you scan a government ID (Passport or Driver's License) and complete a quick biometric selfie check. Once your personal ID is verified, it instantly validates your role within the organization request. The whole process takes minutes.

The Identity Validation Form

The identity validation form in the Azure Portal is straightforward and - critically - designed to pull from data Microsoft already has about your organization if you're in the Microsoft Partner Center or your Azure Tenant. Here's what it looks like:

Azure Artifact Signing identity validation form
Azure Portal - Identity Validation form. Required fields include organization name, website URL, primary/secondary emails, business identifier (DUNS), and requester name.

A few notes on this form from our experience:

  • The Business Identifier defaults to DUNS Number - make sure this matches your D&B registration exactly.
  • The Certificate Subject Preview on the right updates in real time as you fill in fields - a nice sanity check before you submit.
  • If your organization info is already current in Microsoft Partner Center, the validation often completes in under an hour after submission.
  • The "I accept Microsoft terms of use for artifact signing" checkbox is easy to miss - don't submit without it.

Integration with Advanced Installer

The final piece was wiring up the actual signing step. We use Advanced Installer for our Windows packaging, and it offers native support for Artifact Signing. This is what makes the "under one day" migration actually achievable - there's no custom scripting required.

  1. Digital Signature Tab: Switch your sign tool from "SSL.com" (or whatever legacy provider) to Trusted Signing.
  2. Metadata: Enter your Azure Endpoint (e.g., https://eus.codesigning.azure.net), your Account Name, and your Certificate Profile name.
  3. No Secrets Required: Advanced Installer leverages your existing Azure CLI login context. No certificates to install locally, no PFX passwords to store in project files or environment variables.
# Example: Azure DevOps pipeline step for Artifact Signing
- task: AzureCLI@2
  displayName: 'Sign Package with Trusted Signing'
  inputs:
    azureSubscription: 'Your-Azure-Subscription'
    scriptType: 'bash'
    scriptLocation: 'inlineScript'
    inlineScript: |
      az trustedsigning sign \
        --endpoint "https://eus.codesigning.azure.net" \
        --account "Your-Account-Name" \
        --certificate-profile "Your-Certificate-Profile" \
        --files "path/to/your/*.exe"
💡
Pro Tip

If your business info is already current in Microsoft Partner Center or your Azure Tenant, Organization validation can be nearly instantaneous. You can literally go from "starting the setup" to "first signed build" during a long lunch break.

The Verdict: A One-Day Migration

By the afternoon of our migration day, we had gone from a "Certificate Expired" warning in production to a fully automated CI/CD pipeline producing properly signed binaries - with no manual steps, no phone calls, and no waiting.

The shift to Azure Artifact Signing isn't just about security. It's about developer velocity. Stop scheduling callbacks with certificate authorities and start signing in minutes. The old way was a tax on engineering time - and it's a tax we're not paying anymore.

Frequently Asked Questions (FAQs)

Azure Artifact Signing uses Identity-as-a-Service instead of manual verification processes. Organization validation happens in hours via automated database checks and email verification, while individual verification uses Microsoft Entra Verified ID with biometric selfie checks. No more phone calls, physical certificates, or multi-week renewal cycles.

DevOps teams gain automated certificate management, seamless CI/CD integration, and elimination of manual renewal interruptions. There are no PFX passwords to manage, no local certificates to install, and no 'Verification Weeks' that disrupt deployment schedules. The entire process integrates with existing Azure CLI authentication.

The entire migration can be completed in under one day. Organization validation typically takes a few hours if your business info is current in Microsoft Partner Center. Individual verification takes minutes using the Microsoft Authenticator app. Most of the time is spent updating your build tools to point to the new Azure endpoints.

Yes, modern build tools including Advanced Installer have native Azure Artifact Signing support. You simply switch from your legacy provider to 'Trusted Signing' in the tool's settings, enter your Azure endpoint and account details, and leverage your existing Azure CLI login context. No custom scripting required.

The migration is designed to be seamless. You can maintain your existing SSL.com certificate during the Azure setup process, then switch over once Azure Artifact Signing is validated and tested. This ensures no disruption to production deployments while you transition to the new automated workflow.

The Author
Krishna Kurapati

Krishna Kurapati is the Founder and CEO of QliqSOFT. He has more than two decades of technology entrepreneurship experience. Kurapati started QliqSOFT with the strong desire to solve clinical collaboration and workflow challenges using artificial intelligence (AI)-powered digital technologies across the U.S. healthcare system.

Related Content

Customer Success Story:

Blog:

SMS vs. Secure Texting in Healthcare What's Safer?

HIT Security Issues in 2017 - Password Management

4 Reasons to Use Secure Texting with Patients in Ambulatory Services

Related Story:

Whitepaper:

Other Blog Posts

blog

How Much Time Are Your Aides Losing Per Visit? (And What It's Costing You)

For most hospice organizations, Aide productivity loss is invisible on paper but very visible on payroll. Here is how to measure it and what to do about it.

Krishna Kurapati
blog

The Reality of Field-Based Care Teams (And Why Most Tools Fail Them)

Most communication tools were designed for people who sit at desks, log into the same network, and work in one building. Care-at-home teams do none of those things.

Krishna Kurapati
blog

Why Communication Breakdowns Are the #1 Hidden Cost in Hospice Care

The way your care teams communicate may be your single largest source of untracked operational loss. From aide-to-RN gaps to IDG coordination failures, broken communication touches every corner of hospice operations.

Bobbi Weber

Reach Your Patients
Like Your Portal Never Could

Download

QliqCHAT For MobileQliqCHAT For Desktop

Ultimate Guides

Healthcare Call Center Automation
Healthcare Chatbots
HIPAA-Compliant Electronic Signatures
HIPAA-Compliant FormsHIPAA-Compliant Secure TextingHome Health Value-Based Care
Patient Engagement Software
Patient Messaging

Resources

CareersBlogWebinarsSuccess StoriesPatient Portal ResearchBest Practices for Digital Patient EngagementContact UsFAQHIPAA StatementVideosTrust Center

Legal

Terms of ServiceApp Privacy PolicyPrivacy PolicyCookie Policy

© 2026 QliqSOFT, Inc. All Rights reserved

Want our blogs in your inbox?
Subscribe for more!

Thank you!
Oops! Something went wrong while submitting the form.